2012-09-24

Available Solutions Against DDoS Attacks:

← Older revision

Revision as of 15:25, 24 September 2012

(5 intermediate revisions by one user not shown)

Line 1:

Line 1:

'''DDoS''' is the acronym for '''Distributed Denial of Service.'''

'''DDoS''' is the acronym for '''Distributed Denial of Service.'''



The telephone system, computer system and Domain Name System ([[DNS]]) sometimes become unusable during peak hours because of supply and demand. However, when an intruder or hacker interrupts the system, takes control of the computer, prevents the legitimate user from using it, and forces the computer to send such a large amount of
email
to another person that it cannot be handled by the recipient's save disk, a '''Denial of Service (DoS) attack''' happens
. If an intruder attacks a particular computer, takes control of it, sends extraordinary amount of data to a website and distributes it to numerous email addresses affecting the computer network, the intrusion is called a '''Distributed Denial of Service attack'''
.
[http://www.cert.org/homeusers/ddos.html What is a Distributed Denial of Service (DDoS) Attack and What Can I Do About It?]

+

The telephone system, computer system and Domain Name System ([[DNS]]) sometimes become unusable during peak hours because of supply and demand. However, when an intruder or hacker interrupts the system, takes control of the computer, prevents the legitimate user from using it, and forces the computer to send such a large amount of
data
to another person that it cannot be handled by the recipient's save disk, a '''Denial of Service (DoS) attack''' happens.
[http://www.cert.org/homeusers/ddos.html What is a Distributed Denial of Service (DDoS) Attack and What Can I Do About It?]

==Background==

==Background==



The [[CERT/CC]] at Canegie Mellon University documented the first incident of Denial Of Service Attack in 1999 when the [[Trinoo]] and [[Tribe Flood Network]] (TFN) DDoS Network tools were widely distributed
. The two DDoS used UDP Flood attack, TCP SYN flood, ICMP echo request flood, and ICMP directed broadcast denial of service attacks respectively
.
[http://www.cert.org/incident_notes/IN-99-07.html Cert Incident Notes IN-99-09 Distributed Denial of Service Tools]
Trinoo attacked a single computer from Minnesota University, affected around 227 systems, and became unusable for more than two days.

+

The [[CERT/CC]] at Canegie Mellon University documented the first incident of Denial Of Service Attack in 1999 when the [[Trinoo]] and [[Tribe Flood Network]] (TFN) DDoS Network tools were widely distributed.
[http://www.cert.org/incident_notes/IN-99-07.html Cert Incident Notes IN-99-09 Distributed Denial of Service Tools]
Trinoo attacked a single computer from Minnesota University, affected around 227 systems, and became unusable for more than two days.

[http://www.garykessler.net/library/ddos.html Defenses Against Distributed Denial of Service Attacks]

[http://www.garykessler.net/library/ddos.html Defenses Against Distributed Denial of Service Attacks]



On
February 2000, a massive DDoS attack paralyzed high profile websites including [[Yahoo]]!, [[Buy.com]], [[eBay]], CNN, [[Amazon.com]], [[ZDNet.com]], E-Trade, and Excite, which together lost an estimated amount
of
$1.7 billion. A suspect, a Canadian juvenile with the online alias "mafiaboy," was arrested
on
April of the same year. He pleaded guilty on January 18, 2001 on 56 charges of mischief and illegal use of computer services.
[http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html E-Commerce Giants Crippled in DDoS Attacks]

+

In
February
,
2000, a massive DDoS attack paralyzed high profile websites including [[Yahoo]]!, [[Buy.com]], [[eBay]], CNN, [[Amazon.com]], [[ZDNet.com]], E-Trade, and Excite, which together lost an estimated amount $1.7 billion. A suspect, a Canadian juvenile with the online alias "mafiaboy," was arrested
in
April of the same year. He pleaded guilty on January 18, 2001 on 56 charges of mischief and illegal use of computer services.
[http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html E-Commerce Giants Crippled in DDoS Attacks]

Over the years, intruders have used different DDoS tools to affect computer systems:

Over the years, intruders have used different DDoS tools to affect computer systems:
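Review bot: the new lead paragraph drops the sentence that defined the distributed form of the attack ("If an intruder attacks a particular computer ... is called a Distributed Denial of Service attack"), so the opening now defines only DoS on a page whose title and sources are about DDoS; keep a one-sentence DDoS definition, reworded if the old one was unclear. The Background hunk likewise removes the only line saying what Trinoo and TFN actually did ("UDP Flood attack, TCP SYN flood, ICMP echo request flood, and ICMP directed broadcast"), which is the technical content the later Packet Flooding section builds on; suggest restoring it. Smaller points in the changed lines: "lost an estimated amount $1.7 billion" loses the "of" the old text had and should read "lost an estimated $1.7 billion"; "In February, 2000" needs no comma; "Canegie Mellon" should be "Carnegie Mellon"; the citation label says "IN-99-09" while its URL points to IN-99-07, so one of the two is wrong; and "recipient's save disk" is unclear in both revisions (probably "hard disk").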

Line 16:

Line 16:

[http://www.us-cert.gov/reading_room/home-network-security/#III-B-1 Home Network Security]

[http://www.us-cert.gov/reading_room/home-network-security/#III-B-1 Home Network Security]

* [[Leaves]], which was capable of updating and changing its functionality during a hack, affected millions of internet users in five Chinese provinces when an unknown hacker attacked the the server of [[DNSPod]], a Chinese domain name registrar in 2009;
[http://news.softpedia.com/news/DDoS-Attack-Leaves-Five-Chinese-Provinces-Without-Internet-112313.shtml DDoS Attack Leaves Five Chinese Provinces Without Internet]

* [[Leaves]], which was capable of updating and changing its functionality during a hack, affected millions of internet users in five Chinese provinces when an unknown hacker attacked the the server of [[DNSPod]], a Chinese domain name registrar in 2009;
[http://news.softpedia.com/news/DDoS-Attack-Leaves-Five-Chinese-Provinces-Without-Internet-112313.shtml DDoS Attack Leaves Five Chinese Provinces Without Internet]



as well as many other viruses and worms distributed by hackers to cripple computer networks in homes and organizations.



In August 2009, [[Twitter]] reported that its website suffered from a DDoS attack.
[http://www.circleid.com/posts/twitter_taken_down_by_ddos_attack_company_confirms/ Twitter Taken Down by DDoS Attack, Company Confirms]
Its 45 million users were unable to use its service for hours. A large quantity of junk e-mails were sent to the website
which originated
from Russia or Republic of Georgia. According to Bill Woodcock, research director of the Packet Clearing House, the cyber war between Russia and Georgia was extended
on the
Twitter's website. Facebook and Google were also victims of DDoS attacks
during
the same day
/

[http://www.nytimes.com/2009/08/07/technology/internet/07twitter.html Online Attack Silences Twitter for Much of Day]

+

In August 2009, [[Twitter]] reported that its website suffered from a DDoS attack.
[http://www.circleid.com/posts/twitter_taken_down_by_ddos_attack_company_confirms/ Twitter Taken Down by DDoS Attack, Company Confirms]
Its 45 million users were unable to use its service for hours. A large quantity of junk e-mails were sent to the website
, originating
from Russia or
the
Republic of Georgia. According to Bill Woodcock, research director of the
[[
Packet Clearing House
]]
, the cyber war between Russia and Georgia was extended
to
Twitter's website. Facebook and Google were also victims of DDoS attacks
on
the same day
.

[http://www.nytimes.com/2009/08/07/technology/internet/07twitter.html Online Attack Silences Twitter for Much of Day]

[[Network Solutions]] spokesperson [[Shashi Bellamkonda]] reported that the company experienced a consecutive DDoS attacks on June 20-21, 2011 wherein its costumers were unable to access the server and e-mail and the website became unstable. The company resolved the problem as quickly as possible.
[http://dos-attacks.com/2011/06/22/network-solutions-bounces-back-after-ddos/ Network Solutions Bounces Back After DDoS]

[[Network Solutions]] spokesperson [[Shashi Bellamkonda]] reported that the company experienced a consecutive DDoS attacks on June 20-21, 2011 wherein its costumers were unable to access the server and e-mail and the website became unstable. The company resolved the problem as quickly as possible.
[http://dos-attacks.com/2011/06/22/network-solutions-bounces-back-after-ddos/ Network Solutions Bounces Back After DDoS]

==Packet Flooding Attack==

==Packet Flooding Attack==



The Packet Flooding Attack is the most common type of Denial of Service Attack. The modus operandi of intruders is sending more than acceptable number of packets to a particular destination
which consumes
the entire bandwidth resources. There are several types of packets used by Packet Flooding Attack tools, including:

+

The Packet Flooding Attack is the most common type of Denial of Service Attack. The modus operandi of intruders is sending more than
an
acceptable number of packets to a particular destination
, thereby consuming
the entire bandwidth resources. There are several types of packets used by Packet Flooding Attack tools, including:

* [[TCP]] Floods - SYN, ACK and RST flags are sent to the victim's [[IP]] Address

* [[TCP]] Floods - SYN, ACK and RST flags are sent to the victim's [[IP]] Address

* [[ICMP]] echo request reply (Ping Floods) - A stream of ICMP is sent to the victim's IP Address

* [[ICMP]] echo request reply (Ping Floods) - A stream of ICMP is sent to the victim's IP Address
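Review bot: in the Packet Flooding paragraph, "thereby consuming the entire bandwidth resources" is still awkward; suggest "thereby consuming all of the available bandwidth". The bullet that follows, "ICMP echo request reply (Ping Floods)", reads as a garbled "ICMP echo request/reply". In the Twitter paragraph, "A large quantity of junk e-mails were sent" should be "was sent". Unchanged context lines in this hunk still carry "the the server of DNSPod", "a consecutive DDoS attacks" (drop the "a"), and "costumers" for "customers"; worth fixing while this section is being edited.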

Line 39:

Line 38:

==Frequency of DDoS Attacks==

==Frequency of DDoS Attacks==



On May 2011, a research commissioned by Verisign found
a
widespread DDoS attacks on businesses in all industries. The research revealed that 63% out of the 225 IT decision-makers who respond to the survey reported that they experience more than one DDoS
attacks for
the past year while 11% said they experienced more than 6 attacks. Sixty seven percent (67%) of the respondents believe that the frequency of DDoS attacks within the next two years will increase or stay the same and 71% of the respondents believe that DDoS protection is important to maintain their website and services
available
and 71% of the respondents who lack DDoS protection plan to implent solutions within the next 12 months.
[http://www.circleid.com/posts/20110509_businesses_lack_safeguards_against_ddos_attacks_dns_failures/ Businesses Lack Safeguards Against DDoS Attacks and DNS Failures, New Research Shows]

+

On May 2011, a research commissioned by
[[
Verisign
]]
found widespread DDoS attacks on businesses in all industries. The research revealed that 63% out of the 225 IT decision-makers who respond to the survey reported that they experience more than one DDoS
attack over
the past year
,
while 11% said they experienced more than 6 attacks. Sixty seven percent (67%) of the respondents believe that the frequency of DDoS attacks within the next two years will increase or stay the same and 71% of the respondents believe that DDoS protection is important to maintain their website and services
,
and 71% of the respondents who lack DDoS protection plan to implent solutions within the next 12 months.
[http://www.circleid.com/posts/20110509_businesses_lack_safeguards_against_ddos_attacks_dns_failures/ Businesses Lack Safeguards Against DDoS Attacks and DNS Failures, New Research Shows]



According to Ted Swearingen, Director of Security Operations at [[Neustar]], as
much
as 7,000 DDoS attacks may occur in one day. He also said that the rate of attacks continue to increase every year. He explained that the escalating incidences of DDoS attacks is largely due to the fact that the tools used to launch attacks
has
become common and easier to create.
[http://www.circleid.com/posts/protecting_your_business_from_ddos_attacks_advice_from_neustar/ Protecting Your Business from DDoS Attacks: Advice from Neustar]

+

According to Ted Swearingen, Director of Security Operations at [[Neustar]], as
many
as 7,000 DDoS attacks may occur in one day. He also said that the rate of attacks continue to increase every year. He explained that the escalating incidences of DDoS attacks is largely due to the fact that the tools used to launch attacks
have
become common and easier to create.
[http://www.circleid.com/posts/protecting_your_business_from_ddos_attacks_advice_from_neustar/ Protecting Your Business from DDoS Attacks: Advice from Neustar]



On
January 2012, the latest State of the Internet report released by [[Akamai]], a global service provider for accelerating content and business process online revealed that for the past three years, the occurrences of DDoS attacks increased by 2,000%. The report revealed that attacks originated from 195 countries during the the third quarter of 2011 and the '''top ten countries where DDoS attacks originated''' include:
[http://www.circleid.com/posts/20120131_ddos_attacks_increased_by_2000_percent_in_past_3_years/ DDoS Attacks Increased by 2000% in Past 3 Years, Asia Generating Over Half of Recent Attacks]

+

In
January
,
2012, the latest State of the Internet report released by [[Akamai]], a global service provider for accelerating content and business process online
,
revealed that for the past three years, the occurrences of DDoS attacks increased by 2,000%. The report revealed that attacks originated from 195 countries during the the third quarter of 2011 and the '''top ten countries where DDoS attacks originated''' include:
[http://www.circleid.com/posts/20120131_ddos_attacks_increased_by_2000_percent_in_past_3_years/ DDoS Attacks Increased by 2000% in Past 3 Years, Asia Generating Over Half of Recent Attacks]

# Indonesia (14%)

# Indonesia (14%)
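Review bot: "On May 2011" is left as is while this same revision changes "On February 2000" and "On January 2012" to "In ..."; apply the same fix here. In the survey paragraph, "who respond to the survey reported that they experience" should be past tense ("responded", "experienced"), "implent" should be "implement", and 71% is given for two different findings (importance of DDoS protection, and plans to implement it); worth checking against the cited CircleID article that both figures really are 71%. In the Neustar paragraph, "the rate of attacks continue" needs "continues", and "the escalating incidences of DDoS attacks is" should be "the escalating incidence of DDoS attacks is". In the Akamai paragraph, "In January, 2012" needs no comma and "the the third quarter" doubles "the".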

Line 58:

Line 57:

==Available Solutions Against DDoS Attacks==

==Available Solutions Against DDoS Attacks==

===Neustar SiteProtect===

===Neustar SiteProtect===



On
April 2011, [[Neustar]] launched '''SiteProtect''', a cloud based service
which
aims to provide higher level of security for UltraDNS customers against Distributed Denial of Service
(DDoS)
attacks. SiteProtect enables web
infrastructures
to function normally and avoids downtime even if it is under attack.
The combination of SiteProtect and UltraDNS provide consumers with a strong protection for the Domain Name System (
[[
DNS
]]
) and web traffic
,
protecting business owners from possible revenue loss. According to Rick Rumbarger, Product Management
Senior Director of Neustar Internet Infrastructure Services, ''"The problem with other approaches to DDoS protection is that the network needs to take a hit before mitigation is started. With SiteProtect, the brunt of the attack is immediately shifted away from the client infrastructure and directed to our mitigation cloud service. By moving this service to the cloud, customers no longer have to buy and maintain large capacity infrastructure with its resulting capex expenses."''
[http://www.circleid.com/posts/20110405_neustar_launches_siteprotect_for_ddos_protection/ Neustar Launches SiteProtect for DDoS Protection]

+

In
April
,
2011, [[Neustar]] launched '''SiteProtect''', a cloud based service
that
aims to provide
a
higher level of security for
[[
UltraDNS
]]
customers against
[[DDoS|
Distributed Denial of Service
]]
attacks. SiteProtect enables web
infrastructure
to function normally and avoids downtime even if it is under attack.
According to
[[
Rick Rumbarger
]],
the
Senior Director of Neustar Internet Infrastructure Services, ''"The problem with other approaches to DDoS protection is that the network needs to take a hit before mitigation is started. With SiteProtect, the brunt of the attack is immediately shifted away from the client infrastructure and directed to our mitigation cloud service. By moving this service to the cloud, customers no longer have to buy and maintain large capacity infrastructure with its resulting capex expenses."''
[http://www.circleid.com/posts/20110405_neustar_launches_siteprotect_for_ddos_protection/ Neustar Launches SiteProtect for DDoS Protection]

===Verisign UpTime Bundle===

===Verisign UpTime Bundle===



In March 2011, '''Verisign''' introduced '''Verisign Uptime Bundle''', a cloud-based services bundled with Domain Name System (DNS) hosting, threat intelligence services and protection against DDoS attacks. The new service helps improve the performance, security and availability of websites, email, and critical network services. Ben Petro, senior vice president of the Verisign Network Intelligence and Availability
business
explained that a single line of defense against DDoS attacks is no longer reliable to ensure the availability of website and applications. He said that Verisign's Uptime Bundle is a muti-layered solution and offers the best way to detect and disarm an attack before substantial losses occur.
[http://www.circleid.com/posts/20110328_verisign_uptime_bundle_combines_ddos_protection_managed_dns/ New Verisign Uptime Bundle Combines DDoS Protection, Managed DNS and Threat Intelligence Services]

+

In March
,
2011, '''Verisign''' introduced '''Verisign Uptime Bundle''', a cloud-based services bundled with Domain Name System (DNS) hosting, threat intelligence services and protection against DDoS attacks. The new service helps improve the performance, security and availability of websites, email, and critical network services.
[[
Ben Petro
]]
, senior vice president of the Verisign Network Intelligence and Availability
Business,
explained that a single line of defense against DDoS attacks is no longer reliable to ensure the availability of website and applications. He said that Verisign's Uptime Bundle is a muti-layered solution and offers the best way to detect and disarm an attack before substantial losses occur.
[http://www.circleid.com/posts/20110328_verisign_uptime_bundle_combines_ddos_protection_managed_dns/ New Verisign Uptime Bundle Combines DDoS Protection, Managed DNS and Threat Intelligence Services]

==References==

==References==
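Review bot: the SiteProtect hunk removes the sentence "The combination of SiteProtect and UltraDNS provide consumers with a strong protection for the Domain Name System (DNS) and web traffic, protecting business owners from possible revenue loss", which was the only statement of what the service actually covers (DNS and web traffic); suggest keeping it with "provides". Rick Rumbarger's title also changes from "Product Management Senior Director" to "the Senior Director", which should be checked against the cited source rather than silently shortened. Elsewhere in the hunk: "In April, 2011" and "In March, 2011" need no comma; "a cloud-based services bundled with" should be "a bundle of cloud-based services combining"; "muti-layered" should be "multi-layered"; and "availability of website and applications" should be "websites and applications".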
